Phillip Hallam-Baker wrote: > Past history is no guarantee of future performance. Is your argument applicable to the following statement you just made yesterday? : Trust roots have to be valid for at least a decade to be acceptable to : the application vendor community. > A pattern we see repeated over and over again is that a new control on > some form of Internet crime leads to a dramatic short term reduction > even though the control merely increases the cost of crime, not > eliminates the capability. This is the displacement effect. The > criminals attack weaker targets instead. Once the criminals have > exhausted the supply of easy targets the original targets see a sudden > increase in the crime rate, often orders of magnitude in a few days. Note that, given dynamically generated zones, signature generation mechanisms of DNSSEC is rather weaker targets. Masataka Ohta _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf